
1 PIEE (Procurement Integrated Enterprise Environment) Generic Single Sign On (SSO)

D Guidance 26-Jun: Would like to see a refresh of this title slide. Should be able to see representation of all services and civilians (i.e. humanitarian effort). Director would like for us to bring him a few recommendations of possible design refreshes.

2 SSO Solution

OAuth (Open Authorization)
OAuth is an open standard for delegated authorization; it is not by itself an authentication protocol. OAuth allows users to hand out tokens instead of credentials for their data hosted by a given service provider. Each token grants access to a specific site (e.g. Wide Area Workflow e-Business Suite) for specific resources (e.g. the user's first name and last name) and for a defined duration (e.g. the next 5 minutes).

OpenID Connect
OpenID Connect is used in conjunction with OAuth 2.0 to allow registered SSO client applications access to user information from PIEE applications. OpenID Connect requests must first be authorized by OAuth 2.0. User info can include: user ID, first name, last name, enabled flag, DoD ID, email address, title, and organization.

For more information about OpenID Connect, please visit
For more information about OAuth, please visit

3 SSO Overview

Trusted System: account registration, approval, and single sign on.
SSO Client Application in PIEE: OAuth to authorize the user, then OpenID Connect to retrieve user info.

4 SSO Sequence Diagram (part 1) - participants: User's Browser, Trusted System, Target PIEE Application

1. The user accesses the Trusted System and logs on; the Trusted System creates a session.
2. The user clicks on the SSO client application; the Trusted System sends the request to the URL specified by the client application (the user requests access to the SSO client).
3. The SSO client application builds the OAuth authorization URL and sends it to the user's browser as an HTTP(S) redirect. Format of the URL request:
   <Trusted System server URL>/portal/oauth2/authorize?response_type=code&client_id=<provided client ID>&redirect_uri=<client-provided redirect URI>
4. The browser redirects to the provided URL.
5. The Trusted System validates the provided client ID, creates an authorization code, and redirects the browser back to the SSO client.

5 SSO Sequence Diagram (part 2) - participants: User's Browser, Trusted System, Target PIEE Application

6. The browser redirects back to the SSO client, using the redirect URI provided in step 3, and the SSO client receives the authorization code. Format of the URL response:
   <client redirect URI>?code=<Trusted System-generated authorization code>
7. The SSO client builds the OAuth token request and sends a POST request to the Trusted System. The POST request must include an HTTP Authorization header carrying the base64-encoded client ID and password provided to the SSO client application (example: Authorization: Basic ZGFpY2xpZW50OIFhendzeEAx). POST request URL format:
   <Trusted System server URL>/portal/oauth2/token?grant_type=authorization_code&code=<authorization code provided>&redirect_uri=<client redirect URI>
8. The Trusted System validates the POST request, creates the authorization token JSON data, and sends the POST response to the client. Authorization JSON data format:
   {
     "user_id": "<userId>",
     "expires_in": "300",               (seconds until the access token expires)
     "refresh_token": "<refresh token>",
     "access_token": "<access token>"   (token used to retrieve user information)
   }
9. The SSO client receives the JSON authorization token data.

6 SSO Sequence Diagram (part 3) - participants: User's Browser, Trusted System, Target PIEE Application

10. The SSO client validates the access token received, builds the request for user data (per OpenID Connect), and sends a GET request to the Trusted System. GET request URL format:
    <Trusted System server URL>/userdata/<provided user ID>?oauth_token=<provided access token>
11. The Trusted System builds the JSON response of the user's data and sends the response to the client.
12. The SSO client receives the requested user JSON data. User JSON data format can include:
    {
      "userId": "<userId>",
      "roles": [ { <role-specific information> } ],
      "dodId": "<EDIPI number>",
      "title": "<user's title>",
      "organization": "<user's organization>",
      "firstName": "<first name>",
      "lastName": "<last name>",
      "enabled": true,
      " ": "<email address>",            (email address field; the key name was lost in extraction)
      "phoneNumber": "<phone number>",
      "dsnPhoneNumber": "<DSN phone>"
    }
    Note: this can change based on the SSO client's needs.
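The exchange on slides 4 to 6, as an added example that is not part of the original presentation or of PIEE's own code. Both sides are written in Python: the SSO client builds the authorize URL, exchanges the code at the token endpoint with HTTP Basic client credentials, and fetches the user record; the Trusted System is a constructed in-memory stand-in (MockTrustedSystem), and every host name, the client ID, the secret and the user record are made up. Two additions beyond what the slides show, both assumptions of this example rather than documented PIEE behaviour: a `state` value on the authorize URL, which OAuth 2.0 (RFC 6749, section 10.12) recommends so the client can reject a callback that its own session did not start; and the stand-in makes each authorization code single-use and binds the access token to the user ID it was issued for, which matters because the slide 6 GET carries the token in the query string, where proxies and server logs can capture it.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# ---- SSO client application side ----

def build_authorize_url(trusted_base, client_id, redirect_uri, state):
    # Slide 4 format, plus `state` (not on the slide): a per-login random value the
    # client checks on the way back so a foreign authorization code cannot be spliced in.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return f"{trusted_base}/portal/oauth2/authorize?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    # Slide 5: <client redirect URI>?code=<authorization code>
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    return qs["code"][0]

def build_token_request(trusted_base, client_id, client_secret, code, redirect_uri):
    # Slide 5: POST .../portal/oauth2/token?grant_type=...&code=...&redirect_uri=...
    # with the client ID and password sent as HTTP Basic credentials.
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    return (f"{trusted_base}/portal/oauth2/token?{urlencode(params)}",
            {"Authorization": f"Basic {creds}"})

def parse_token_response(text):
    data = json.loads(text)
    for key in ("user_id", "expires_in", "refresh_token", "access_token"):
        if key not in data:
            raise ValueError(f"token response missing {key}")
    data["expires_in"] = int(data["expires_in"])  # slide shows "300" as a string
    return data

def build_userdata_request(trusted_base, user_id, access_token):
    # Slide 6: GET <server URL>/userdata/<user ID>?oauth_token=<access token>
    return f"{trusted_base}/userdata/{user_id}?{urlencode({'oauth_token': access_token})}"

# ---- Trusted System side: constructed in-memory stand-in, not the real service ----

class MockTrustedSystem:
    def __init__(self, clients, users):
        self.clients = clients  # client_id -> (client secret, registered redirect URI)
        self.users = users      # user_id -> record returned by /userdata
        self.codes = {}         # authorization code -> (client_id, user_id)
        self.tokens = {}        # access token -> user_id it was issued for

    def authorize(self, url, logged_in_user):
        q = parse_qs(urlparse(url).query)
        cid = q["client_id"][0]
        if cid not in self.clients or q["redirect_uri"][0] != self.clients[cid][1]:
            raise PermissionError("unknown client ID or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (cid, logged_in_user)
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def token(self, url, headers):
        scheme, _, b64 = headers.get("Authorization", "").partition(" ")
        cid, _, secret = base64.b64decode(b64).decode().partition(":")
        if scheme != "Basic" or self.clients.get(cid, (None,))[0] != secret:
            raise PermissionError("bad client credentials")
        q = parse_qs(urlparse(url).query)
        entry = self.codes.pop(q["code"][0], None)  # single use: a replay finds nothing
        if (q["grant_type"][0] != "authorization_code" or entry is None
                or entry[0] != cid or q["redirect_uri"][0] != self.clients[cid][1]):
            raise PermissionError("invalid authorization code")
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = entry[1]
        return json.dumps({"user_id": entry[1], "expires_in": "300",
                           "refresh_token": secrets.token_urlsafe(24), "access_token": tok})

    def userdata(self, url):
        p = urlparse(url)
        uid = p.path.rsplit("/", 1)[1]
        tok = parse_qs(p.query).get("oauth_token", [None])[0]
        if self.tokens.get(tok) != uid:  # token must belong to the user named in the path
            raise PermissionError("access token not valid for this user")
        return json.dumps(self.users[uid])

def rejects(exc, fn):
    # True when fn() raises exc; used to show the two failure modes below.
    try:
        fn()
    except exc:
        return True
    return False

def demo():
    base, cid, secret, cb = ("https://trusted.example", "wawf-client",
                             "s3cret-from-registration", "https://client.example/sso/callback")
    ts = MockTrustedSystem({cid: (secret, cb)}, {"jdoe": {"userId": "jdoe", "firstName": "Jane",
                           "lastName": "Doe", "dodId": "1234567890", "enabled": True, "roles": []}})
    state = secrets.token_urlsafe(16)
    code = parse_callback(ts.authorize(build_authorize_url(base, cid, cb, state), "jdoe"), state)
    url, headers = build_token_request(base, cid, secret, code, cb)
    tok = parse_token_response(ts.token(url, headers))
    user = json.loads(ts.userdata(build_userdata_request(base, tok["user_id"], tok["access_token"])))
    return {"token": tok, "user": user,
            "replay_rejected": rejects(PermissionError, lambda: ts.token(url, headers)),
            "forged_state_rejected": rejects(ValueError, lambda: parse_callback(
                cb + "?code=x&state=forged", state))}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the token JSON and the user record for the made-up user, plus two flags showing that presenting the same authorization code twice and accepting a callback with someone else's `state` are both refused; codes and tokens are freshly random on every run.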

7 SSO More Information For more information on interfacing with PIEE system SSO, you may view the document linked below for sample requests and detailed steps.

8 Questions/Comments???

